Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

Hundreds of Fake Election Domains Target Democrats, Republicans

Threat intelligence company Digital Shadows has uncovered over 550 fake domains attempting to mimic websites related to the 2020 presidential election in the United States.

The company’s researchers identified typosquatted domains targeting Democratic and Republican candidates, along with funding sites of the Republican Party.

Threat intelligence company Digital Shadows has uncovered over 550 fake domains attempting to mimic websites related to the 2020 presidential election in the United States.

The company’s researchers identified typosquatted domains targeting Democratic and Republican candidates, along with funding sites of the Republican Party.

Roughly one-third of the typosquatted domains are either non-malicious, which means they host no content or content that only makes fun of a candidate, or they are misconfigured or unauthorized websites, which includes improperly configured sites that only host an index page and unofficial domains that may have been set up by fans of a candidate.

The rest, however, representing 68%, redirect visitors to other sites, in many cases ones belonging to the competition. For example, the winrde.com domain, which may be accessed by users who want to go to the Republican donation website WinRed.com, redirects users to ActBlue, the primary fundraising website of the Democrats.

The domains tulsi2020.co and elizibethwarren.com — the legitimate domains are tulsi2020.com for Tulsi Gabbard and elizabethwarren.com for Elizabeth Warren, both Democratic candidates — redirect visitors to marianne2020.com and donaldjtrump.com, the campaign websites of Democratic candidate Marianne Williamson and Republican candidate Donald Trump.

Fake election domains

Six of the fake election domains have been found to redirect visitors to websites offering file conversion and secure browsing Chrome extensions. Some of these tools can allow attackers to hijack users’ browser sessions.

In one case, researchers uncovered an IP address hosting over 60 fake domains, including a dozen related to candidates or political topics. All of the domains were registered to an address in Panama, with other information hidden by the WhoisGuard privacy protection service.

“Setting up a fake domain is easy with virtually no checks from the organization selling the address. It’s easy for malicious actors to dupe voters and just as easy to impersonate brands and companies to commit fraud. It’s a problem we see every day,” said Harrison Van Riper, research analyst at Digital Shadows.

“An unintentional consequence of GDPR since the regulation’s enactment last May has been the removal of domain registration details from the official records making it very hard to tell who or what organization stands behind a specific domain,” Van Riper added.

Data from June 2018 to June 2019 indicates that brand protection providers have had only 4% to 14% of Whois reveal requests actioned successfully. GDPR has generally been a great initiative, but in terms of domain impersonation, it’s had unintended consequences that aid criminals and other actors that are out to cause confusion and harm,” he explained.

Related: 2020 U.S. Presidential Candidates Vulnerable to Email Attacks

Related: New Service Hunts Malicious Domain Names

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.

Risk Management

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.

Identity & Access

Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,...

Risk Management

CISA has published a report detailing the cybersecurity risks to the K-12 education system and recommendations on how to secure it.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.